Secure Desktop Unlock like 1Password 4 - Feature Inquiry
Background. When I used to use 1Password 4 for Windows, it had a Secure Desktop Unlock feature. I never really knew what it did, but I hoped it helped protect me and my master password from keylogger programs. I used it consistently and now I miss it a little bit in 1Password 6 Beta for Windows Desktop.
Question. Is there something about 1Password 6 Beta for Windows Desktop or Windows 10 that no longer benefits from a Secure Desktop Unlock feature? Or, is there a plan to add a Secure Desktop Unlock feature in the future?
1Password Version: 6.0.277d
Extension Version: 4.6.0.4
OS Version: Win 10 Pro 1607 14393.187
Sync Type: 1Password.com
Comments
-
@nhDOBsfc: Indeed. 1Password 4 uses the Windows Secure Desktop feature to limit the processes that have access to the screen while the Master Password is being entered. However, this is disabled by default because it can cause some serious stability issues on some systems.
The 1Password 6 Windows desktop beta app doesn't have support for Secure Desktop, but it's something we plan on adding in the future. Hopefully we can take advantage of newer Microsoft tools to (fingers crossed) avoid some of these compatibility issues so that more folks can benefit from this feature. I don't have a time frame on this, but it's definitely on our list. Thanks for bringing this up! :)
0 -
There's no ETA on this I guess?
Does this mean that 1PW 6 curently has a less securer input compared to 1PW 4 with Secure Desktop enabled?
0 -
@Damnatus: The only way it could matter is if your computer was insecure, compromised by malware of some kind. I think it's important to keep in mind that in that case, even if Secure Desktop is able to prevent the new owner of your computer from capturing your Master Password, they can simply collect the data as you access it. But while Secure Desktop isn't a panacea, you're right that it can be helpful in defining from one specific form of attack, so we'd very much like to add it in the future. I just don't want anyone to think that this protects them from anything else that's being done on an insecure system.
0 -
True.
But there are also special cases in which some programs more or less accidental (or careless) logging keys (see the HP Audio driver keylogger).Probably this would fall under your definition of "compromised by malware of some kind".
This shouldn't be the common mitigation case, I know.But as software one side gets more and more complex and interlinked and on the other side development is also subjugated to economical decision-making, it would be good to know that the next iteration of my favourite Password Vault software has some mitigation against not only malware, but also carelessness of other developers. And one of them is the Secure Desktop. That's why I brought it back up and asked :chuffed:
0 -
True. But there are also special cases in which some programs more or less accidental (or careless) logging keys (see the HP Audio driver keylogger).Probably this would fall under your definition of "compromised by malware of some kind". This shouldn't be the common mitigation case, I know.
@Damnatus: Good point, with a great example. I would consider that malware, but it's true that this is another the of threat which we have to consider. :(
But as software one side gets more and more complex and interlinked and on the other side development is also subjugated to economical decision-making, it would be good to know that the next iteration of my favourite Password Vault software has some mitigation against not only malware, but also carelessness of other developers. And one of them is the Secure Desktop. That's why I brought it back up and asked :chuffed:
You're absolutely right. I agree that it would help in some cases. It's just not something I can offer you now, or that I'd want anyone to depend on for security. Thanks for bringing this up! :)
0 -
Is this still pending?
0
